From 7fede0ce4404d8cbdda48277deee532bd390fd74 Mon Sep 17 00:00:00 2001
From: Lakshmi Narayana Kalavala
Date: Mon, 19 Jul 2021 13:35:20 -0700
Subject: [PATCH] sepolicy: Add sepolicy to access memory devices

Add read/write access permission for memory devices to hal_graphics_composer module

Change-Id: I894868f8f19b798edb9c80d94f73148b2c151a74
---
 generic/vendor/common/hal_graphics_composer_default.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/generic/vendor/common/hal_graphics_composer_default.te b/generic/vendor/common/hal_graphics_composer_default.te
index e244ae28..d07deaca 100644
--- a/generic/vendor/common/hal_graphics_composer_default.te
+++ b/generic/vendor/common/hal_graphics_composer_default.te
@@ -67,6 +67,10 @@ allow hal_graphics_composer_default vendor_dmabuf_system_heap_device:chr_file r_
 # whitelist the ioctl cmd that can be sent from hal_graphics_composer_default
 allowxperm hal_graphics_composer_default vendor_dmabuf_system_heap_device:chr_file ioctl DMA_HEAP_IOCTL_ALLOC;
+# Allow hal_graphics_composer_default to open/read vendor_membuf and vendor_vm_trusted device
+allow hal_graphics_composer_default vendor_membuf_dev:chr_file r_file_perms;
+allow hal_graphics_composer_default vendor_vm_trusted_device:chr_file r_file_perms;
+
 # Access /sys/devices/virtual/graphics/fb0
 r_dir_file(hal_graphics_composer_default, sysfs_type)
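Review bot: The two added `allow` rules grant `r_file_perms`, which in the AOSP macro set includes `ioctl`, but unlike the `vendor_dmabuf_system_heap_device` rule directly above they have no matching `allowxperm` line. Unless an `allowxperm` for these types exists elsewhere in the policy (not visible in this hunk), the composer HAL may issue any ioctl command on `vendor_membuf_dev` and `vendor_vm_trusted_device`, which is broader than the "open/read" the comment describes. I would follow the pattern above and add `allowxperm hal_graphics_composer_default vendor_membuf_dev:chr_file ioctl { <REQUIRED_IOCTL_CMDS> };` plus the same for `vendor_vm_trusted_device`, with the placeholder replaced by the commands the HAL actually needs. The commit message also says read/write while the rules are read-only, so the added comment should state which access is intended and why the composer needs the trusted-VM device.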